On 02/08/18 10:32, Ard Biesheuvel wrote:
> On 8 February 2018 at 09:25, Laszlo Ersek <ler...@redhat.com> wrote:
>> On 02/08/18 09:32, Jordan Justen wrote:
>>> Given the wording from the contribution agreement, it appears that it
>>> would also be fine to just use Mike's Signed-off-by if he is
>>> authorized to contribute the code even though he didn't author it.
>> So basically just
>>   """
>>   Contributed-under: TianoCore Contribution Agreement 1.1
>>   Signed-off-by: Michael D Kinney <michael.d.kin...@intel.com>
>>   """
>> implies Mike saying, "trust me guys, I got Microsoft's authorization (or
>> whoever the original authors were) to contribute their code under the
>> 2-clause BSDL". Is that right?
>> Dunno why but this concept is hard for me to accept. :) "whoever the
>> original authors were" is super vague to me. Let's say I want to verify
>> that authorization myself: whom do I contact? Are the
>> "https://github.com/Microsoft/MS_UEFI/..."; references considered
>> sufficient origin information?
> This is exactly the reason: if someone contributes code under a
> suitable license, they should take full responsibility that the code
> in question is actually covered by that license.

OK. If that works, then patches #5 and #10 are

Reviewed-by: Laszlo Ersek <ler...@redhat.com>

as they are in this series.

(This keeps boggling my mind -- I honestly wonder whether responsibility
*can* stop at the submitter, as opposed to "catching up" with the whole
project --, so I'm pretty sure I'll forget about this interpretation
again, and you'll have to remind me again. Please bear with me. :( )

> I refuse any responsibility for verifying the origin of code that
> others contribute, and I'm sure your workload doesn't allow it either.

It's definitely not that I'd take any responsibility for origin
verification; I just figured that contributors could (or should)
semi-formally support such efforts, *should* someone in the future feel
like verifying the origin.

edk2-devel mailing list

Reply via email to